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Elliptic Curve Algorithms for Cryptographic Message Syntax (CMS) 
Asymmetric Key Package Content Type 
Abstract 
This document describes conventions for using Elliptic Curve 
cryptographic algorithms with SignedData and EnvelopedData to protect 
the AsymmetricKeyPackage content type. Specifically, it includes 
conventions necessary to implement Elliptic Curve Diffie-Hellman 
(ECDH) with EnvelopedData and Elliptic Curve Digital Signature 
Algorithm (ECDSA) with SignedData. This document extends RFC 5959. 
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1. Introduction 


[RFC5959] describes conventions necessary to protect the 
AsymmetricKeyPackage content type [RFC5958] with Cryptographic 
Message Syntax (CMS) protecting the following content types: 
SignedData [RFC5652], EnvelopedData [RFC5652], EncryptedData 
[RFC5652], AuthenticatedData [RFC5652], and AuthEnvelopedData 
[RFC5083]. This document amends [RFC5959] by extending the 
algorithms used with SignedData and EnvelopedData to include Elliptic 
Curve Digital Signature Algorithm (ECDSA) and Elliptic Curve Diffie- 
Hellman (ECDH), respectively. Familiarity with [RFC5959] and 
[RFC5753] is assumed. 


This document does not define any new algorithms; instead, it refers 
to previously defined algorithms. 


1.1 Terminology 


The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", “SHALL NOT", 
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 
"OPTIONAL" in this document are to be interpreted as described in 


[RFC2119]. 

2. AsymmetricKeyPackage 
As noted in Asymmetric Key Packages [RFC5958], CMS can be used to 
protect the AsymmetricKeyPackage. The following provides guidance 
for SignedData [RFC5652] and EnvelopedData [RFC5652] when used with 
Elliptic Curve algorithms. 


2.1. SignedData 


If an implementation supports SignedData, then it MAY support ECDSA 
[RFC6090] [RFC5753]. 


2.2. EnvelopedData 


When key agreement is used, standard (as opposed to cofactor) ECDH 
[RFC6090] [RFC5753] MAY be supported. 


3. Public Key Sizes 
The easiest way to implement SignedData and EnvelopedData is with 


public key certificates [RFC5280][RFC5480]. If an implementation 
supports ECDSA or ECDH, then it MUST support keys on the P-256 curve. 
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4. Security Considerations 


The security considerations from [RFC5280], [RFC5480], [RFC5652], 
[RFC5753], [RFC5959], and [RFC6090] apply. 
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